Thursday, April 9, 2009

A confrontation between a group of stranded Somali pirates and the world's greatest military power intensified in the Indian Ocean last night as the bandits refused to release an American hostage despite the presence of a US destroyer.

The US navy called in a team of FBI negotiators and moved the USS Bainbridge into position to try to secure the release of Richard Phillips, who was being held by four Somali gunmen in a lifeboat some 300 miles off the Horn of Africa. But despite an apparently hopeless position, the pirates showed no signs of giving in. "Please pray for us," one of the four told Reuters.

US secretary of state Hillary Clinton said that it appeared the lifeboat, which was no longer tethered to the Alabama, had run out of fuel. Helicopters had also been deployed to the scene, while a P-3 Orion surveillance aircraft was securing aerial footage. "FBI negotiators stationed at Quantico [in Virginia] have been called by the navy to assist with negotiations with the Somali pirates and are fully engaged in this matter," an FBI spokesman said.

Phillips, the captain of the Maersk Alabama, had offered himself as a hostage during a dramatic turn of events in which the gunmen escaped in the ship's lifeboat with their captive after the 20-strong American crew overpowered them and retook control of the vessel. A spokesman for Maersk, the largest container shipping company in the world, said yesterday that Phillips was believed to be unharmed. His family had gathered at his farmhouse in Vermont waiting for news.

Andrew Mwangura, head of the East African Seafarers' Assistance Programme, said last night the Alabama had left the scene and was sailing under armed guard towards Mombasa, Kenya, its original destination, where it was expected to dock on Saturday. None of the crew members were hurt in the attack.

A stalemate appeared to be established in which neither side had much room for negotiation. The gunmen know they are likely to be arrested if they give their hostage up while still far out to sea. In Harardheere, one of the notorious pirate strongholds in Somalia, an associate of the gang said that two boatloads of gunmen had left the port to try to assist their colleagues.

"Our friends are still holding the captain but they cannot move, they are afraid of the warships. We want a ransom and, of course, the captain is our shield. The warships might not destroy the boat as long as he is on board."

The Alabama was the sixth ship to be hijacked off Somalia's Indian Ocean coast in a week, and is believed to be the first American-flagged merchant vessel to be attacked by pirates anywhere since the early 19th century. The surge in attacks has coincided with a return to calm seas after the monsoon period, and has seen the main pirate gangs shift their focus away from their favoured hunting ground in the Gulf of Aden, off northern Somalia, which is now patrolled by at least 15 warships in separate EU, US and Nato-led forces.

It is likely that the pirates used a previously captured mothership from which to launch their speedboat before attacking the Alabama. Normally at least nine or 10 gunmen form part of an attack team, and it is not known why just four men armed with AK-47s tried to take the large container ship, usually a difficult vessel to hijack due to its speed and the height of its deck. The ship is carrying thousands of tonnes of food aid, some of it meant for Somalia.

According to second mate Ken Quinn, who spoke by telephone to CNN, the pirates sank their speedboat shortly after boarding the Alabama early on Wednesday. The crew managed to regain control of the ship from the pirates by "brute force", according to another crew member's account. Phillips is reported to have convinced the gunmen to board the lifeboat after agreeing to go with them, in order to secure the safety of his fellow sailors.

In a message to agency employees on Thursday, Panetta said he had notified the congressional oversight committees about the current CIA policy regarding interrogations.

Besides discontinuing the use of contractors, the director outlined in the message other steps taken in response to executive orders issued by President Obama in January.

The harsh interrogation techniques authorized by the Bush administration will no longer be used. Panetta said questioning of suspected terrorists will follow the approaches authorized in the Army Field Manual.

The director said the agency will "not tolerate, and will continue to promptly report, any inappropriate behavior or allegations of abuse."

He said that included suspects held by Americans or those who might have been transferred to other countries.

The secret prisons used to detain terror suspects have been closed, Panetta said.

This piece of computer code told the worm to activate on April 1, researchers found.

Researchers were analyzing the code of the software that is being dropped onto infected computers but suspect that it is a keystroke logger or some other program designed to steal sensitive data off the machine, said David Perry, global director of security education at Trend Micro.

The software appeared to be a .sys component hiding behind a rootkit, which is software that is designed to hide the fact that a computer has been compromised, according to Trend Micro. The software is heavily encrypted, which makes code analysis difficult, the researchers said.

The worm also tries to connect to MySpace.com, MSN.com, eBay.com, CNN.com and AOL.com as a way to test that the computer has Internet connectivity, deletes all traces of itself in the host machine, and is set to shut down on May 3, according to the TrendLabs Malware Blog.

Because infected computers are receiving the new component in a staggered manner rather than all at once, there should be no disruption to the Web sites the computers visit, said Paul Ferguson, advanced threats researcher for Trend Micro.

"After May 3, it shuts down and won't do any replication," Perry said. However, infected computers could still be remotely controlled to do something else, he added.

"As expected, the P2P communications of the Downad/Conficker botnet may have just been used to serve an update, and not via HTTP," the blog post says. "The Conficker/Downad P2P communications is now running in full swing!"

In addition to adding the new propagation functionality, Conficker communicates with servers that are associated with the Waledac family of malware and its Storm botnet, according to a separate blog post by Trend Micro security researcher Rik Ferguson.

The worm tries to access a known Waledac domain and download another encrypted file, the researchers said.

Conficker.C failed to make a splash a week ago despite the fact that it was programmed to activate on April 1. It has infected between 3 million and 12 million computers, according to Perry.

Initially, researchers thought they were seeing a new variant of the Conficker worm, but now they believe it is merely a new component of the worm.

The worm spreads via a hole in Windows that Microsoft patched in October, as well as through removable storage devices and network shares with weak passwords.

WASHINGTON (CNN) -- Computer hackers have embedded software in the United States' electricity grid and other infrastructure that could potentially disrupt service or damage equipment, two former federal officials told CNN.

The ex-officials say code also has been found in computer systems of oil and gas distributors.

The code in the power grid was discovered in 2006 or 2007, according to one of the officials, who called it "the 21st century version of Cold War spying."

Department of Homeland Security Director Janet Napolitano would not confirm such a breach, but said Wednesday that there has been no known damage caused by one.

"There have been, to my knowledge, no disruptions of power on any grid caused by a deliberate cyberattack on our infrastructure -- on the grid," Napolitano said. "Nonetheless, we remain in constant protection, prevention, education, resiliency mode and we work with the utility sector particularly on that."

The U.S. power grid isn't the only system at risk. The former officials said malicious code has been found in the computer systems of oil and gas distributors, telecommunications companies and financial services industries.

Napolitano said the vulnerability of the nation's power grid to cyberattacks "has been something that the Department of Homeland Security and the energy sector have known about for years," and that the department has programs in place to fight such attacks.

Security experts say such computer hacking could be the work of a foreign government -- possibly Russia or China -- seeking to compromise U.S. security in the event of a future military conflict.

Former CIA operative Robert Baer said he is not aware of a specific breach like the one the former officials describe. But he said people in the intelligence community assume that such attacks from countries like China go on all the time.

"Their foreign intelligence service has been probing our computers, our defense computers, our defense contractors, our power grids, our telephone system. ... I just came from a speech at the national defense university and they were hit by the Chinese trying to get into their systems," Baer said.

"They are testing and have gotten in portals. It's a serious threat."

Baer said if the software was embedded by a foreign government, he doubts it would be used to launch a surprise attack. Instead, he said, that government likely would keep the bugs in place in case of a future conflict with the United States.

"It's deterrence in the event of war," he said. "They will have another weapon at their disposal, which will be to turn off our power."